You can check mime type of uploaded image before upload to media. Add mimeTypes in $allowmimeType
which you want to allow. then check uploaded files mimetype $fileMimeType
. If not found in allowed mimetype then return false.
// Insert Attachment
function insert_attachment($file_handler, $post_id, $setthumb='false') {
if ($_FILES[$file_handler]['error'] !== UPLOAD_ERR_OK){ return __return_false();
}
# uploaded file type
$fileMimeType = $_FILES[$file_handler]['type'];
# allowed types
$allowmimeType = array(
'png' => 'image/png',
'jpeg' => 'image/jpeg',
'gif' => 'image/gif',
);
# check if mime type type
if(!in_array($fileMimeType,$allowmimeType) ){
return __return_false();
}
require_once(ABSPATH . "wp-admin" . '/includes/image.php');
require_once(ABSPATH . "wp-admin" . '/includes/file.php');
require_once(ABSPATH . "wp-admin" . '/includes/media.php');
//echo $attach_id = media_handle_upload($file_handler, $post_id);
$attach_id = media_handle_upload($file_handler, $post_id);
if ($setthumb == 1) update_post_meta($post_id, '_thumbnail_id', $attach_id);
return $attach_id;
}